Designing Operational Technology with Security

Question: Discuss about the Designing Operational Technology with Security. Answer: Introduction: The virtue should be given on keeping the higher focus in accordance with the security issues in IT sector environment. There is hundreds of hacker available who keep the eye on the confidential information to hack by making use of number of hacking tools (Lujan, 2011). It is necessity to think wider for securing the data and information from hacking and being misused by unauthorized persons. If the new virus arises in the environment and the internet generate the signal of contamination then necessary action should be taken in a direction of overcoming the virus attack. This can be done by the application of specific patch; specific port should be added to the firewall, and the addition of unique signature to the IDS devices. The violation of the information can be overcome by following three fundamental rules which are categorised as confidentiality, integrity, and availability of the data (Resnik, 2015). The higher focus should be given on developing the tactics correspondent to the arrival of viruses in daily working environment information technology. When we focus on security concern of information technology sector then we will be able to overcome the two common problems which are discussed below: It is hard to be aware unique security measures correspondent to every vulnerability which comes into existence. When we think about the vulnerabilities security issues we are only be able to overcome of the issues but not make ourselves proactively ready for the occurrence of vulnerability in any manner. In the present time of technological changes it has been observed that security is the peak step to be taken. The IT security focuses on protecting the nature and sensitivity associated with securing the data and information. From the survey and the research it has been seen that zoning is the key process which can be used for making security decision. This process involves defining of the subjects and objects which requires security. Each area should be highly focused separately to determine the risk and vulnerabilities attached with the component and the required a action can be taken. In the environment of technological changing environment, the requirement arises to pick the appropriate data from the pool of information, timely access, and analysis of independent open source intelligence are the necessary security awareness situation to fight against the emerging threats of security. The question which comes forward is that how we can make ourselves proactively ready for the occurrence of the vulnerability (Bresler, 2010). What action we can take against the arrival of the uncertain vulnerabilities. From the research of these questions we come across various practises and tools which help us to compete with the arising vulnerability. Thinking in zones, security in layering, creation of chokepoints, fundamentals of relational security, fundamentals of secret less security, practice of dividing responsibility, and lastly the failing of security are some of the best practices which can be applied to remain proactive and overcome the situation of occurrence of the vulnerability. It has been observed that the business operations and risk manager treated IT security as an art because they think that data should have to be collected to take the corrective action in taking the right judgement on the occurrence of the risk. The meaning of the term science to the expert is quantitative measure of the risk and capability of decision making (Miller, 2012). The IT security is the fundamental phenomenon which deals with management of risk associated with the project. From the survey and the research it has been concluded that 58% of the high professional treated IT security as a form of Science, 48% of the high professional treated IT security as a form of both Science and art and 57% of the high professional (Buhalis, 2012) treated IT security as a form of Art. The diversification has been seen in the opinion in relation with this question that IT security is an art or science. The result of the survey is analysed by dividing the opinion of the professionals in five different modules which are categorised as security management based on risk maturity and governance plans, metrics used for measuring the value of security of risk, development of key metrics for the evaluation of risk based security, controls provided on risk based security, and Communication, collaboration and development of culture in association with risk based security. In the survey it has been observed that the term art is means to the high professional is analysis of the ris k and capability of decision making in overcoming the risk. It has been observed that the business operations and risk manager treated IT security as an art because they think that data should have to be collected to take the corrective action in taking the right judgement on the occurrence of the risk. The meaning of the term science to the expert is quantitative measure of the risk and capability of decision making (Miller, 2012). The IT security is the fundamental phenomenon which deals with management of risk associated with the project. The measures used for IT security helps in reduction of risk, reduction in cost, and others. The human behaviour plays a major role in the management of IT security because every individual have different alternative to tackle the situation of risk occurred within the project. The good IT security is the degree of tackling with the situation. The concern with establishing IT security within the organization focuses on correct judgement on the al ternatives proposed, no impact of change in human behaviour, evaluation of the decision, and security of the data associated with the project. Risks are the major part of the project to handle for the success of the project. The IT security focuses on protecting the nature and sensitivity associated with securing the data and information. The potential harm to the data and information may result in the failure of the project in the near future. The myths and rumours have been seen that security of data and other credential of IT sector is the technology. In preparing the company to mitigate the risk the development of policy is quite necessary because the process of managing the risk is accompanied with number of choices and trade-offs. The process of mitigating the risk involves the participation of people because people play a major role and component of risk management equation (Robert, 2010). The major components which come forward in managing the risk are the human behaviour to control. From the above discussion it can be observed that IT security is an art of managing itself against the risk associated with the project. Fear and security of information are the interrelated terms which are treated together (Hadson, 2008). The positive effect of fear factors helps the manager to look forth to overcome the security issues raised in the initial stage of the project completion. The fear factors associated with the security of information are unauthorized accessing of the information, disclosure and disruption of the information, modification of the information, and others. The specialist of IT security focuses on making their project secure from the malicious attacks and others. It has been observed that the area of information security is growing at the faster rate. Regulation and certification are provided to the IT security. From the survey and research it has been concluded that the IT security issues are given importance in relation with increment seen in securing the data and information, professionals are hired for securing the information of technology from uncertain and unknown risk occurred inside the organization which may play the role of hindrance in the success of the project. It is a key to step to overcome the risk in the initial stage of the project so that the project is completed successfully. There are several factors responsible for the implementation of tactics used for the securing the information and data in relation with IT sector which are described below: Vital role to test the features of the product The product should meet the requirement of the organization which are clearly mentioned in the scope of work Personnel attrition should be focused The importance should be given on the changing nature of the human behaviour The problem of rework arises due to the poor implementation of inefficient security program. The cost may be raised There may be the lack of integration of the new product with the existing environment Failure of the product when it does not matches with the requirement, delivery on time, quality standards Logical conclusion should be drawn to overcome the proposed fear and risk associated with the project (Brown, 2013). The violation of the information can be overcome by following three fundamental rules which are categorised as confidentiality, integrity, and availability of the data. Conclusion: The factors which are commonly associated with the security of information are the attack of viruses, worms, phishing, and Trojan. Identity theft is the other major concern of IT security. It is a key to step to overcome the risk in the initial stage of the project so that the project is completed successfully. Fear and security of information are the interrelated terms which are treated together. In the present time of technological changes it has been observed that security is the peak step to be taken Brown, 2013). The decision to overcome the fear associated with the information security should be taken by using the knowledge and experience. The fear factor can be combatted by making use of security mind. References: Lujan, G. (2011).A psychological perspective on vulnerability in the fear of cyber crime(1st ed.). Retrieved from https://eprints.lse.ac.uk/21534/1/A_psychological_perspective_on_vulnerability_in_the_fear_of_crime_(LSERO_version).pdf Resnik, D. (2015).States need to plan with security in mind on every IT project.(1st ed.). Retrieved from https://www.statetechmagazine.com/article/2016/03/states-need-plan-security-mind-every-it-project Bresler, L. (2010). Designing operational Technology with security in mind(1st ed.). Retrieved from https://www.cyberark.com/designing-operational-technology-security-mind/ Buhalis, A. (2012). A computer security is not a science(1st ed.). Retrieved from https://www.cis.upenn.edu/~stevez/papers/GGKS03.pdf Miller, N. (2012).The art and science of security research(1st ed.). Retrieved from https://www.defcon.org/images/defcon-19/dc-19-presentations/Conti/DEFCON-19-Conti-Security-Research.pdf Robert, P. (2010).Information security Art or science?(1st ed.). Retrieved from https://prezi.com/byr_dqsuidef/information-security-art-or-science/ Hadson, I. (2008).Fear factor perception of safety in south africa(1st ed.). Retrieved from https://www.google.co.in/url?sa=trct=jq=it%20security%20fear%20factor%20research%20paper%20pdfsource=webcd=1cad=rjauact=8ved=0ahUKEwjf7o_ypNXQAhXBN48KHTNoBlMQFggaMAAurl=https://www.hsrcpress.ac.za/downloadpdf.php Martin, T. (2014).Computing security issues and research challenges(1st ed.). Retrieved from https://www.ijcsits.org/papers/Vol1no22011/13vol1no2.pdf Brown, G. (2013).A overview and study of security issues and challenges(1st ed.). Retrieved from https://www.ijarcsse.com/docs/papers/9_September2012/Volume_2_issue_9/V2I900174.pdf